HONOLULU (HawaiiNewsNow) - Hawaii state computers were targeted as part of a massive Iranian computer hacking campaign that also compromised U.S. and foreign universities, private companies and federal agencies, a federal indictment alleges.
In a brief statement issued Friday, the state said "unusual activity" linked to the Iranian hacking was limited to 37 email accounts.
"According to the departments, the emails involved did not contain confidential information. Furthermore, the state's computer systems where confidential information is stored was not breached," state Chief Information Officer Todd Nacapuy said, in the statement.
"We reacted quickly and resolved the situation. Law enforcement officials were contacted to assist in the investigation."
The revelation that state computers were targeted was included in an indictment unsealed Friday that charges nine Iranian citizens allegedly involved in a four-year hacking campaign sponsored by the Iranian government.
Also hacked: 144 U.S-based universities and 176 foreign universities in 21 countries, 50 domestic and foreign private-sector companies, the state of Indiana, the United Nations, the U.S. Department of Labor and the Federal Energy Regulatory Commission, federal authorities allege.
When the FBI learned of the attacks, FBI Deputy Director David Bowdich said in a news conference Friday, "we notified the victims so they could take action to minimize the impact. And then we took action to find and stop these hackers."
According to the FBI, the hackers stole more than 30 terabytes of academic data and intellectual property — roughly three times the amount of data contained in the print collection of the Library of Congress.
The hackers were allegedly affiliated with the Mabna Institute, an Iran-based company created in 2013 to gain access to non-Iranian scientific resources through computer intrusions, the FBI said.
Authorities allege that members of the institute were contracted by the Islamic Revolutionary Guard Corps — one of several entities within the Iranian government responsible for gathering intelligence — as well as other Iranian government clients.
The indictment said the hackers got access to Hawaii state computers using a technique called "password spraying."
Using that technique, hackers first collect lists of names and email accounts from the intended target. Then, they try to gain access to those accounts with commonly-used passwords.